Gavin Livingstone, Bryley Systems Inc.
Most situations benefit from an assessment – Firefighters assess the structure, locale, and availability of resources (water) before rushing into a burning building; politicians (hopefully) assess the potential consequences before stating their position on a controversial topic; my insurance company wants to assess the damage before they fix my car.
Business owners and decision-makers use assessments continuously: Useful, structured information is key to reducing risks and to measuring these risks against the intended result. An assessment simply allows one to read the current state, consider the desired outcome and potential consequences, and provide (hopefully) all of the information needed to make a superior decision.
In order to make an informed business decision on your IT investment and future, you need comprehensive, factual information on the current state of your IT infrastructure, focusing on at least these topics:
- Business goals, needs, and budget
- Applications, Cloud or on-premise, and their operating environments
- End-users devices (workstations, notebooks, mobile devices, printers, etc.)
- Network equipment (servers, SANs, firewalls, switches) and Cloud options
- Exceptions to best and standard practices
To do so, you would request a computer-network assessment, which identifies network-based and Cloud-based assets; it should also expose security gaps and all other issues that could impact uptime.
Done right, an assessment should include:
- Review business goals relative to mission-critical technology.
- Determine current and future needs in terms of applications, users, network capacity, and Cloud options.
- Define the available budget to address these goals and needs.
- List each application; include vendor-contact information.
- Identify all users of each application and their operating environment.
- Assess application’s environment for current and future needs.
- End-user devices:
- Create a configuration sheet for each device with relevant details.
- Assess capacity of device compared to current and future needs.
- Network equipment and Cloud options:
- Create a configuration sheet for each on-premise item with full details.
- Assess capacity of equipment compared to current and future needs.
- Identify software licenses:
- Review non-OEM licensing.
- Verify license count to server settings and actual users.
- Identify and assess Cloud options.
- Identify exceptions to standard practices.
- Identify environmental exceptions.
- Create exceptions document.
Bryley Systems offers an entry-level service, Network Assessment/Basic™, but also offer two higher-value network-assessment options:
- Network Assessment/Plus™
- Network Assessment/Pro™
Network Assessment/Basic™ provides basic information at a modest investment. It includes the following:
- Deployment of our secure, non-invasive, network-assessment tool for one-time collection of data (followed by immediate removal of this tool).
- Brief, non-client-facing review of these reports by a Bryley Engineer.
- Presentation of these network-infrastructure reports:
- Network Assessment PowerPoint – Summary with risk and issue scores
- External Network Vulnerabilities Summary – External vulnerabilities
- Client Risk Report – Overall risk score with risk-area charts
- Site Diagram – A Visio-style graphic of network assets
Network Assessment/Plus™ is a mid-level approach with additional reports and an in-depth review with written comments. It includes the deliverables above plus these additional items:
- In-depth, non-client-facing review with comments from a Bryley Engineer.
- Presentation of these additional, network-infrastructure and security reports:
- Full Detail Report – Unfiltered details on configurations and activity
- Internal Vulnerabilities Report – Deviations from industry standards
- Network Security reports – Proprietary Security Risk Score
- Security Assessment reports –Security policies and login
Network Assessment/Pro™ is an all-inclusive effort with an onsite, client-facing presence by a Bryley engineering team and a complete, detailed write-up with recommendations. Its purpose is to review and document all assets, security gaps, and related issues identified via our network-assessment tool and an onsite, visual examination. These findings are documented, along with all relevant reports from our network-assessment tool, and are presented onsite to the recipient.